Tag: security

Begin and end a morning commute. Red dots = standing still over 4 minutes.

❝ Privacy concerns have long swirled around how much information online advertising networks collect about people’s browsing, buying and social media habits — typically to sell you something.

But could someone use mobile advertising to learn where you go for coffee? Could a burglar establish a sham company and send ads to your phone to learn when you leave the house? Could a suspicious employer see if you’re using shopping apps on work time?

❝ The answer is yes, at least in theory. New University of Washington research, which will be presented Oct. 30 at the Association for Computing Machinery’s Workshop on Privacy in the Electronic Society, suggests that for roughly $1,000, someone with devious intent can purchase and target online advertising in ways that allow them to track the location of other individuals and learn what apps they are using…

❝ “Because it was so easy to do what we did, we believe this is an issue that the online advertising industry needs to be thinking about,” said co-author Franzi Roesner, co-director of the UW Security and Privacy Research Lab… “We are sharing our discoveries so that advertising networks can try to detect and mitigate these types of attacks, and so that there can be a broad public discussion about how we as a society might try to prevent them.”

Mail me a penny postcard when the advertising industry and our plastic, fantastic lawmakers take this seriously.

❝ With no apparent sense of irony, the nation’s tax collectors have awarded embattled credit-reporting agency Equifax a contract to assist the IRS in verifying “taxpayer identities” as well as assist in “ongoing identity verification and validations,” according to a contract award posted to the Federal Business Opportunities database.

❝ Equifax, of course, is facing intense criticism over a cybersecurity incident which reportedly compromised the personal information of roughly 145 million Americans. The company’s former CEO, Richard Smith, was taken to task on Tuesday while testifying before the House Energy and Commerce subcommittee. Smith resigned last week amid backlash over the company’s handling of the breach.

Republicans and Democrats alike lambasted the former chief executive over Equifax’s response. Representative Greg Walden was perhaps the harshest in his criticism: “I don’t think we can pass a law that fixes stupid…”

Not a case I would say of “The blind leading the blind” — more like “Stupid leading the incompetent”.

❝ Six ad industry organizations have crafted an open letter complaining about changes coming to Apple’s Safari browser, claiming that a new feature — “Intelligent Tracking Prevention” — will hurt both them — and the public.

Har!

❝ The technology’s restrictions on cookies blah, blah, blah!…Some of the groups behind the statement include the Interactive Advertising Bureau, the American Advertising Federation, and the Data and Marketing Association…

❝ The U.S. electrical grid was ranked by the National Academy of Engineering as the greatest achievement of the 20th century, and it was this vast infrastructure that helped to power our economy, enhance our communities and light up our lives. But the centralized power grid is not perfect, and it faces an array of risks from natural disasters to human and cyber attacks.

As electricity becomes more and more critical in our lives, wide-ranging blackouts won’t just be a personal annoyance — they could cripple our economy. A diversified energy portfolio that includes renewable generation creates a more resilient grid. A recent draft of a report from the Department of Energy also concluded that wind and solar energy create a more reliable grid.

❝ The added security provided by renewables is why everyone — from the military to Fortune 100 companies — is finding ways to use clean reliable distributed power systems to support their operations.

❝ The U.S. Secret Service is the hot, new “amenity” at Trump Tower, where desperate brokers are trying to lure well-heeled clients into the building on Fifth Avenue that has served as President-elect Donald Trump’s home as well as his campaign and transition headquarters.

Less than a week after Trump was elected, prominent New York real estate agency Douglas Elliman blasted out an email with the subject: “Fifth Avenue Buyers Interested in Secret Service Protection?” to advertise a $2.1 million, 1,052-square-foot condo in the tower on 721 Fifth Avenue…

❝ Trump was the developer and sponsor of Trump Tower when it was built 33 years ago, but most of the 263 units are individually owned. Trump Tower does not retain a portion of the sales but since the building is managed by Trump Corporation, it retains a processing fee for unit sales which is about $2,000 per application plus $250 per additional adult dweller, as part of its service as manager of the building.

The condominium collects the common charge, but Trump manages the garage and vendors like the bar and restaurant in the building…

❝ Police in Virginia have arrested a 13-year-old girl in connection with a social media threat involving a clown.

The investigation revealed that the girl made contact with someone via social media, and asked the person to murder one of her teachers at Davis Middle School…

The person she contacted was using a clown photo as a profile picture as well as an alias.

❝ The 13-year-old girl from Hampton was arrested and charged with one count of threatening to kill by electronic message. She remains in custody.

❝ Hampton police detectives made contact with the victim to ensure her safety and make her aware of the situation. At this time, there is no evidence to indicate a threat against any others.

There was increased police presence Monday at Davis Middle School and Hampton police officers are working with school security to ensure student safety.

❝ This incident comes just two days after schools in Hampton and Newport News tightened security because of threats from social media accounts of people posing as clowns…

The Hampton Police Division is collaborating with Hampton City Schools, the Newport News Police Division, and the FBI Joint Terrorism Task Force to investigate each of these threats and social media pages.

None of the security hustlers are going to miss out on an opportunity to increase fun and profits from fear. I’m surprised the NRA hasn’t shown up selling handguns outside the school. Yet.

❝ U.S. intelligence officials told top congressional leaders a year ago that Russian hackers were attacking the Democratic Party, three sources familiar with the matter said on Thursday, but the lawmakers were unable to tell the targets about the hacking because the information was so secret…

❝ The material was marked with additional restrictions and assigned a unique codeword, limiting access to a small number of officials who needed to know that U.S. spy agencies had concluded that two Russian intelligence agencies or their proxies were targeting the Democratic National Committee, the central organizing body of the Democratic Party…

Our spy professionals decided the DNC didn’t need to know.

❝ The alleged hacking of the Democrats and the Russian connection did not become public until late last month when the FBI said it was investigating a cyber attack at the DNC…

❝ The congressional briefing was given last summer in a secure room called a Sensitive Compartmented Information Facility, or SCIF, to a group of congressional leaders informally known as the “Gang of Eight,” the sources said.

The group at the time included four Republicans: Senate Majority leader Mitch McConnell and House of Representatives Speaker John Boehner, and Senator Richard Burr and Representative Devin Nunes, the House and Senate intelligence committee chairs. Their Democratic counterparts were: Senator Harry Reid and Representative Nancy Pelosi, and Senator Dianne Feinstein and Representative Adam Schiff of the intelligence committees…

A bipartisan group of professional politicians who couldn’t care less about transparency, security.

❝ The attack on the DNC later led the hackers to other party organizations, including the Democratic Congressional Campaign Committee, which raises funds for House candidates, Hillary Clinton’s presidential campaign, and other groups…

One of the sources said the Clinton campaign first detected attacks on its data system in early March, and was given what the source described as a “general briefing” about it by the FBI later that month. The source said the FBI made no mention of a Russian connection in that briefing and did not say when the penetration first took place.

❝ According to a memo obtained by Reuters, interim DNC Chair Donna Brazile said on Thursday she was creating a Cybersecurity Advisory Board “to ensure prevent future attacks and ensure that the DNC’s cybersecurity capabilities are best-in-class.”

Better update security on your own. Obviously you can’t count on our bought-and-paid-for government spies to offer any help.

❝ Apple’s move to encrypt your iPhone and WhatsApp’s rollout of end-to-end encrypted messaging have generated plenty of privacy applause and law enforcement controversy. But more quietly, a small non-profit project has enacted a plan to encrypt the entire global web. And it’s working.

Earlier this week, the San Francisco-based Internet Security Research Group announced that the initiative it calls Let’s Encrypt is coming out of beta — and that it’s making serious headway toward helping tens of millions of unencrypted sites around the world switch from the insecure web standard HTTP to HTTPS, which encrypts your web browsing to protect it from surveillance.

Since launching less than six months ago, Let’s Encrypt has helped 3.8 million websites switch to HTTPS encryption, taking a significant chunk out of the unprotected web data that’s available to those eavesdroppers…

❝ Let’s Encrypt has tried to make it easier for websites to switch from HTTP to HTTPS by flattening one of the biggest hurdles in the process: certificates. Let’s Encrypt functions as a certificate authority, one of the dozen or so organizations like Comodo, Symantec, Godaddy and Globalsign that verify that servers running HTTPS web sites are who they claim to be…Once verified, these authorities issue those computers a “certificate” they need to make their HTTPS encryption work with your browser. The certificate is designed to be an unforgeable signature that’s cryptographically checked by your browser so that you can be sure your communications are decrypted only by the intended site and not an impostor.

Unlike commercial certificate authorities, however, Let’s Encrypt is free, thanks to corporation sponsorship from companies including Cisco, Google and Akamai. It’s available to websites anywhere in the world—even far-flung countries like Cuba and Iran that sometimes aren’t served by other major certificate authorities. And it’s automatically configured with a piece of code that runs on any server that wants to switch on HTTPS.

Guaranteed to piss off the official snoops as well as the erratically-malicious creeps on the civilian side of snooping. This doesn’t give you an invisible shield like some of the serious end-to-end encryption systems; but, it certainly makes eavesdropping a bit harder for Big Brother.

❝ The legal showdown between Apple and U.S. law enforcement over encryption, no matter the outcome, will likely accelerate tech company efforts to engineer safeguards against government intrusion, tech industry executives say.

❝ If Apple loses the court case, the legal precedent could give the U.S. government broad authority to order companies to assist in breaking into encrypted products.

But even a government victory could have unintended consequences for law enforcement, potentially prompting a wave of investment by U.S. tech companies in security systems that even their own engineers can’t access, said Jonathan Zittrain, co-founder of…Berkman Center for Internet & Society…

❝ The fast-growing online storage provider Box has already made it a priority to give customers sole custody of data, said Joel De la Garza, chief information security officer at the company. The intent is to make it impossible for the company to access its customers’ data – even under a government order, he said.

❝ In the more than two years since former U.S. intelligence contractor Edward Snowden revealed widespread spying via U.S. companies, a handful of companies have released secure phones…that trumpet security as a prime selling point…

Those businesses could surge if the Apple fight drags on…The fight between Apple and the government could give such security efforts a new urgency.